
Is there any method to use rest api of secured SCDF

Open Kim-menu opened this issue 2 years ago • 5 comments

Description: Is there any method to use the REST API of a secured SCDF? How can I send a GET request (example: scdf-domain.com/audit-records) to an OAuth 2.0 secured SCDF...

Release versions: 2.10.2

Kim-menu avatar Jun 21 '23 10:06 Kim-menu

Have you taken a peek at our writeup on OAuth in the reference doc? https://docs.spring.io/spring-cloud-dataflow/docs/2.10.2/reference/htmlsingle/#configuration-security-oauth2

cppwfs avatar Jun 26 '23 14:06 cppwfs

Yes, I can apply GitHub's OAuth 2.0 thanks to the reference doc.

But I cannot find how to send REST API requests to my GitHub OAuth secured SCDF.

I only know my ID & password for GitHub.

How can I make the request?

The reference doc does not have any example of a REST API request.

(Should I use some header for auth?)

Kim-menu avatar Jun 30 '23 07:06 Kim-menu

I have the same problem.

I can apply GitHub OAuth 2.0 and it works well.

But I can't use the REST API anymore.

Any bearer token doesn't work.

    curl --header "Authorization: Bearer *************" http://{scdf-domain}:30009/apps
    {"timestamp":"2024-01-18T12:43:27.603+0000","status":401,"error":"Unauthorized","message":"Unauthorized","path":"/apps"}%

Git username & password (or token) do not work:

    curl -u *****:**** 'http://{scdf-domain}:30009/apps'
    2024-01-18 12:48:18.196  WARN 1 --- [nio-9393-exec-1] o.s.c.c.s.OAuthSecurityConfiguration     : An authentication failure event occurred while accessing a REST resource that requires authentication.

    org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken

My setting is

    spring:
      security:
        oauth2:
          client:
            registration:
              github:
                client-id: (My client ID)
                client-secret: (My client Secret)
                authorization-grant-type: authorization_code
            provider:
              github:
                authorization-uri: https://{git-domain}/login/oauth/authorize
                token-uri: https://{git-domain}/login/oauth/access_token
                user-info-uri: https://{git-domain}/api/v3/user

duckys87 avatar Jan 18 '24 12:01 duckys87

Hello, I'm currently checking the same issue as above. Is there anything going on? GitHub login via the dashboard is working fine. Authentication for the REST API is not working properly. I checked by issuing a personal token from GitHub, and error 401 occurs in that part, like for the other person above. The environment in use is SCDF built on k8s.

pyeongjae-jeoun avatar Mar 08 '24 02:03 pyeongjae-jeoun

@duckys87 , @pyeongjae-jeoun Hi.

I just use some kind of fake-auth-server

    spring:
      security:
        oauth2:
          resourceserver:
            opaquetoken:
              introspection-uri: {auth-server-introspection-endpoint-uri}
              client-id: blah
              client-secret: blah

and set like above on SCDF server setting...

If you set it like this, the SCDF server sends a request with the user's access token (ex: Bearer blahblah from user) to the introspection-uri (resourceserver); then the resourceserver must respond like below:

    {
      "active": true,
      "user": "blah",
      "scope": "blah"
    }

I just made a fake server that decides whether the active field is true or not depending on a condition on the received token (ex: if it equals "menukim").

I don't use any OAuth2 encoding or decoding. I just decide the response depending on the "raw token string".

It is not perfect authentication. However, at least, no one who doesn't know my string "menukim" can access my SCDF server through the REST API.

I hope this helps you.

Kim-menu avatar Mar 08 '24 02:03 Kim-menu
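
Added example, not part of the thread and not SCDF project code: a minimal RFC 7662 style introspection endpoint for the `introspection-uri` setup described in the last comment. It goes beyond the single raw-string check by authenticating the caller with HTTP Basic, storing only token digests and comparing in constant time. The client credentials, token, `sub`, scope and port are constructed sample values.

```python
import base64, hashlib, hmac, json
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

# Constructed sample values (assumptions): keep real ones outside the code.
CLIENT_ID, CLIENT_SECRET = "scdf", "introspection-client-secret"
# Only SHA-256 digests of accepted tokens are kept, with the claims to return.
TOKENS = {hashlib.sha256(b"constructed-sample-token").hexdigest():
          {"sub": "ci-bot", "scope": "dataflow.view"}}

def client_ok(auth_header):
    """Check the HTTP Basic credentials sent by the resource server."""
    if not auth_header or not auth_header.startswith("Basic "):
        return False
    try:
        supplied = base64.b64decode(auth_header[6:], validate=True)
    except ValueError:  # malformed base64 or non-ASCII header value
        return False
    expected = f"{CLIENT_ID}:{CLIENT_SECRET}".encode()
    return hmac.compare_digest(supplied, expected)

def introspect(body, auth_header):
    """Return (status, response dict) for a form-encoded introspection POST."""
    if not client_ok(auth_header):
        return 401, {"error": "invalid_client"}
    token = parse_qs(body.decode("utf-8", "replace")).get("token", [""])[0]
    digest = hashlib.sha256(token.encode()).hexdigest()
    for known, claims in TOKENS.items():
        if hmac.compare_digest(digest, known):
            return 200, {"active": True, **claims}
    return 200, {"active": False}  # unknown token: inactive, no other detail

class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        status, payload = introspect(self.rfile.read(length),
                                     self.headers.get("Authorization"))
        data = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8099), Handler).serve_forever()
```

The `client-id` and `client-secret` under `opaquetoken` in the SCDF settings have to match `CLIENT_ID` and `CLIENT_SECRET` here, and the endpoint should only be reachable from the SCDF server, over TLS.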